Maniphest T208477

Move "privileged account' concept into MediaWiki core
Open, MediumPublic
Actions

Assigned To

None

Authored By

	Tgr
	Nov 1 2018, 4:02 AM

Description

IMO the kind of authentication logging we are doing [historic link] is expected from any decent application by default and should live in core. (Also, for obvious reasons the config files are a poor place for business logic.) The only reason this is not trivial to do is the wfGetPrivilegedGroups method which is used to enrich the logs and is somewhat WMF-specific. We should probably move it (and the whole logging) to core.

We could have a static User::getPrivilegedGroups() method, a $wgPrivilegedGroups config settings which defaults to admin/bureaucrat/interface-admin and a GetPrivilegedGroups hook for CentralAuth and similar extensions to tie into.

Details

Subject	Repo	Branch	Lines +/-
Flag functioneer and functionmainters as privileged	mediawiki/extensions/WikiLambda	master	+4 -0
Flag checkusers privileged	mediawiki/extensions/CheckUser	REL1_39	+3 -0
Flag stewards as privileged	mediawiki/extensions/CentralAuth	REL1_40	+3 -0
Flag stewards as privileged	mediawiki/extensions/CentralAuth	REL1_39	+3 -0
Flag test-sysops as privileged	mediawiki/extensions/WikimediaIncubator	master	+3 -0
Flag checkusers privileged	mediawiki/extensions/CheckUser	master	+3 -0
Flag stewards as privileged	mediawiki/extensions/CentralAuth	master	+3 -0
Expose PrivilegedGroups to extension schema	mediawiki/core	master	+17 -0
Flag checkusers privileged	mediawiki/extensions/CheckUser	REL1_40	+3 -0
Expose PrivilegedGroups to extension schema	mediawiki/core	REL1_40	+17 -0
Expose PrivilegedGroups to extension schema	mediawiki/core	REL1_39	+17 -0
Add UserGroupManager::getUserPrivilegedGroups()	mediawiki/core	master	+226 -1
UserGroupManager: Fixup getUserPrivilegedGroups docs	mediawiki/core	master	+6 -7
Add UserGroupManager::getUserPrivilegedGroups()	mediawiki/core	REL1_40	+227 -1
Add UserGroupManager::getUserPrivilegedGroups()	mediawiki/core	REL1_39	+227 -1

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open		None	T347414 Migrate $wmgPrivilegedGroups to $wgPrivilegedGroups
		Open		None	T208477 Move "privileged account' concept into MediaWiki core

Event Timeline

Tgr created this task.Nov 1 2018, 4:02 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 1 2018, 4:02 AM

Tgr mentioned this in T150826: Remove unblockself right on wikimedia wikis (but allow blocked admins to block their blocker).Nov 26 2018, 7:51 PM

AfroThundr3007730 subscribed.Nov 27 2018, 2:20 AM

Agabi10 subscribed.Nov 27 2018, 7:21 AM

Risker subscribed.Dec 21 2018, 5:15 AM

Change 482589 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[mediawiki/core@master] Add User::getPrivilegedGroups()

https://gerrit.wikimedia.org/r/482589

gerritbot added a project: Patch-For-Review.Jan 7 2019, 8:22 AM

Tgr mentioned this in T69936: Provide a sane way to bypass abuse filters.Nov 27 2019, 7:01 PM

• chasemp triaged this task as Medium priority.Dec 9 2019, 4:42 PM

• chasemp added a project: Security-Team.

• chasemp moved this task from Incoming to Watching on the Security-Team board.Dec 9 2019, 5:35 PM

Tgr mentioned this in T197087: Remove or limit edituserjs and similar rights from users with "higher" access than the editor.Dec 10 2019, 5:11 AM

• chasemp added a project: Security.Feb 10 2020, 10:57 PM

• chasemp removed a project: acl*security.Feb 20 2020, 8:06 PM

Tgr mentioned this in T180896: Allow functionaries to reset second factor on low-risk accounts.Dec 20 2020, 10:37 PM

Change 482589 had a related patch set uploaded (by Reedy; owner: Gergő Tisza):
[mediawiki/core@master] Add UserManager::getUserPrivilegedGroups()

https://gerrit.wikimedia.org/r/482589

Izno subscribed.Feb 23 2021, 6:42 AM

TheDJ subscribed.Jun 28 2021, 1:33 PM

Tgr mentioned this in T290790: Group OAuth grants by riskiness.Sep 2 2023, 10:26 AM

Change 482589 merged by jenkins-bot:

[mediawiki/core@master] Add UserGroupManager::getUserPrivilegedGroups()

https://gerrit.wikimedia.org/r/482589

Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptSep 4 2023, 8:47 AM

ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.25; 2023-09-05).Sep 4 2023, 9:00 AM

larissagaulia moved this task from Inbox, needs triage to Radar on the MediaWiki-Platform-Team board.Sep 4 2023, 11:05 AM

larissagaulia edited projects, added MediaWiki-Platform-Team (Radar); removed MediaWiki-Platform-Team.

Change 954628 had a related patch set uploaded (by Reedy; author: Gergő Tisza):

[mediawiki/core@REL1_40] Add UserGroupManager::getUserPrivilegedGroups()

https://gerrit.wikimedia.org/r/954628

Change 954629 had a related patch set uploaded (by Reedy; author: Gergő Tisza):

[mediawiki/core@REL1_39] Add UserGroupManager::getUserPrivilegedGroups()

https://gerrit.wikimedia.org/r/954629

Started basic documentation at https://www.mediawiki.org/wiki/Manual:$wgPrivilegedGroups

Change 954730 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/core@master] UserGroupManager: Fixup getUserPrivilegedGroups docs

https://gerrit.wikimedia.org/r/954730

In T208477#9140158, @Reedy wrote:

Started basic documentation at https://www.mediawiki.org/wiki/Manual:$wgPrivilegedGroups

And https://www.mediawiki.org/wiki/Manual:Hooks/UserPrivilegedGroups

Change 954730 merged by jenkins-bot:

[mediawiki/core@master] UserGroupManager: Fixup getUserPrivilegedGroups docs

https://gerrit.wikimedia.org/r/954730

Change 954629 merged by jenkins-bot:

[mediawiki/core@REL1_39] Add UserGroupManager::getUserPrivilegedGroups()

https://gerrit.wikimedia.org/r/954629

Change 954628 merged by jenkins-bot:

[mediawiki/core@REL1_40] Add UserGroupManager::getUserPrivilegedGroups()

https://gerrit.wikimedia.org/r/954628

ReleaseTaggerBot added projects: MW-1.39-notes, MW-1.40-notes.Sep 4 2023, 7:00 PM

Change 954742 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/core@master] Expose PrivilegedGroups to extension schema

https://gerrit.wikimedia.org/r/954742

sbassett awarded a token.Sep 5 2023, 2:21 PM

Change 955757 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/extensions/WikiLambda@master] Flag functioneer and functionmainters as privileged

https://gerrit.wikimedia.org/r/955757

Change 955767 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/extensions/CheckUser@master] Flag checkusers privileged

https://gerrit.wikimedia.org/r/955767

Change 955768 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/extensions/CentralAuth@master] Flag stewards as privileged

https://gerrit.wikimedia.org/r/955768

Change 955770 had a related patch set uploaded (by Jforrester; author: Jforrester):

[mediawiki/extensions/WikimediaIncubator@master] Flag test-sysops as privileged

https://gerrit.wikimedia.org/r/955770

OK, I've quickly read through every hit on this search and I think the only four production repos we care about rights from (beyond core itself) are as patched above:

[mediawiki/extensions/WikiLambda@master] Flag functioneer and functionmainters as privileged
https://gerrit.wikimedia.org/r/955757

[mediawiki/extensions/CheckUser@master] Flag checkusers privileged
https://gerrit.wikimedia.org/r/955767

[mediawiki/extensions/CentralAuth@master] Flag stewards as privileged
https://gerrit.wikimedia.org/r/955768

[mediawiki/extensions/WikimediaIncubator@master] Flag test-sysops as privileged
https://gerrit.wikimedia.org/r/955770

Change 954742 merged by jenkins-bot:

[mediawiki/core@master] Expose PrivilegedGroups to extension schema

https://gerrit.wikimedia.org/r/954742

Change 955064 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/core@REL1_40] Expose PrivilegedGroups to extension schema

https://gerrit.wikimedia.org/r/955064

Change 955065 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/core@REL1_39] Expose PrivilegedGroups to extension schema

https://gerrit.wikimedia.org/r/955065

Change 955065 merged by jenkins-bot:

[mediawiki/core@REL1_39] Expose PrivilegedGroups to extension schema

https://gerrit.wikimedia.org/r/955065

Change 955064 merged by jenkins-bot:

[mediawiki/core@REL1_40] Expose PrivilegedGroups to extension schema

https://gerrit.wikimedia.org/r/955064

ReleaseTaggerBot edited projects, added MW-1.41-notes (1.41.0-wmf.26; 2023-09-12); removed MW-1.41-notes (1.41.0-wmf.25; 2023-09-05).Sep 7 2023, 4:00 PM

Change 955768 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Flag stewards as privileged

https://gerrit.wikimedia.org/r/955768

Change 955767 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Flag checkusers privileged

https://gerrit.wikimedia.org/r/955767

Change 955788 had a related patch set uploaded (by Dreamy Jazz; author: Jforrester):

[mediawiki/extensions/CheckUser@REL1_40] Flag checkusers privileged

https://gerrit.wikimedia.org/r/955788

Change 955789 had a related patch set uploaded (by Dreamy Jazz; author: Jforrester):

[mediawiki/extensions/CheckUser@REL1_39] Flag checkusers privileged

https://gerrit.wikimedia.org/r/955789

Change 955788 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@REL1_40] Flag checkusers privileged

https://gerrit.wikimedia.org/r/955788

In T208477#9150179, @Jdforrester-WMF wrote:

OK, I've quickly read through every hit on this search and I think the only four production repos we care about rights from (beyond core itself) are as patched above:

Should we add push-subscripton-managers as well? Per T259148, it's some sort of system bot account.

In T208477#9150716, @Tgr wrote:

In T208477#9150179, @Jdforrester-WMF wrote:

OK, I've quickly read through every hit on this search and I think the only four production repos we care about rights from (beyond core itself) are as patched above:

Should we add push-subscripton-managers as well? Per T259148, it's some sort of system bot account.